What happened to Horde webmail within my GreenGeeks cPanel account?
GreenGeeks has temporarily disabled access to the Horde Webmail client across our network. Unfortunately, this action was necessary as the GreenGeeks Server team became aware of a potential exploit within the third-party Horde Webmail client.
This exploit allows for a potential compromise of a device by simply opening up an infected email via the Horde interface.
Where can I find more information about this exploit?
For more information about the Horde exploit, please refer to the following links:
Exploit Info: https://blog.sonarsource.com/horde-webmail-rce-via-email/
CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30287
How does this affect my GreenGeeks service?
The Horde Webmail client will be temporarily unavailable in your GreenGeeks webmail.
What is GreenGeeks doing to protect me from this Horde exploit?
Simply put, the best way to protect yourself from this exploit is to stop using Horde completely. Until a software patch is available, using Horde opens a vulnerability to exploits should a malicious email be opened.
Since there’s no way to identify these messages specifically, leaving Horde accessible posed a clear threat to the integrity of the GreenGeeks network.
To that end, GreenGeeks has temporarily disabled all access to the Horde Webmail client on the EcoSite & Reseller network segments to protect our users and their data.
While we understand that this may cause some inconvenience, this action was necessary to protect the integrity of our network from malicious activity.
When will access to Horde be restored?
GreenGeeks intends to re-enable access to the Horde Webmail Client as soon as possible once a patch has been rolled out and applied to our servers. If you have questions about this exploit we have not covered, please open a new Support Ticket from within your GreenGeeks Dashboard